| 1 | + | #Check for webshells |
| 2 | + | get-childitem -path "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\" -Recurse -Filter *.aspx | ? {$_.LastWriteTime -gt (Get-Date).AddDays(-30)} |
| 3 | + | |
| 4 | + | get-childitem -path "C:\inetpub\wwwroot" -Recurse -Filter *.aspx | ? {$_.LastWriteTime -gt (Get-Date).AddDays(-30)} |
| 5 | + | |
| 6 | + | get-childitem -path "C:\Users\All Users" -Recurse -Filter *.aspx | ? {$_.LastWriteTime -gt (Get-Date).AddDays(-30)} |
| 7 | + | |
| 8 | + | #Check for virtual directory abuse |
| 9 | + | |
| 10 | + | [xml]$xmlElm = Get-Content -Path "C:\Windows\System32\inetsrv\Config\applicationHost.config" |
| 11 | + | $xmlElm.ChildNodes.location |
| 12 | + | |
| 13 | + | |
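Review bot: The three `get-childitem` sweeps (file lines 2, 4 and 6) can miss files they are meant to find. Without `-Force`, hidden and system files are skipped, and the 30-day window trusts `LastWriteTime` alone, a timestamp that whoever wrote the file can set. I would add `-Force -ErrorAction SilentlyContinue` and test both timestamps, e.g. `$cutoff = (Get-Date).AddDays(-30)` followed by `Get-ChildItem -Path $p -Recurse -Force -Include *.aspx,*.ashx,*.asmx -ErrorAction SilentlyContinue | ? { $_.LastWriteTime -gt $cutoff -or $_.CreationTime -gt $cutoff }`. The wider `-Include` list covers other handler extensions that IIS serves; trim it if only `.aspx` is in scope. The Exchange path is hard-coded to the default install location, so building it from `$env:ExchangeInstallPath` would cover non-default installs. For the virtual-directory check, a short comment saying what an unexpected `location` entry looks like would help, because the script prints the nodes without filtering them.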